meow-plan
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to interpolate user-provided planning requests and generated thread names directly into shell commands, such as `mfl run --stage plan "<planning-request>"` and `mfl thread set name '<name>'`. This creates a potential surface for command injection if the input contains shell-sensitive characters that escape the quoting mechanisms.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from external sources which may contain untrusted content.
  - Ingestion points: The agent reads data into its context from the output of `mfl thread status` and `mfl handoff get` in `SKILL.md`.
  - Boundary markers: The instructions lack explicit delimiters or warnings to ignore embedded instructions within the processed tool outputs.
  - Capability inventory: The skill possesses significant capabilities, including executing subprocesses for the `mfl`, `paseo`, and `git` CLI tools.
  - Sanitization: There is no evidence of sanitization or validation of the ingested data before it influences agent decision-making or is passed to other commands.
Audit Metadata